Run a simple command

With the Anjuna SGX Runtime installed, you can use it to run a simple command-line tool inside a secure enclave, like ls.

If you have not done so already, use your license by putting the license file at /opt/anjuna/license.yaml.

Then, run this command:

$ anjuna-sgxrun ls -al

This command displays much more output than usual. The Anjuna SGX Runtime sets up a secure enclave in which to run the command. The extra output is produced as the Anjuna SGX Runtime generates configuration files, sets up the enclave, and prepares to run the command in the protected context.

At the end of the output from the Anjuna SGX Runtime, you will see the normal output of the ls command.

Following is an example of what the output looks like; the exact output when you run the command may be somewhat different:

$ anjuna-sgxrun ls -al
"ls.manifest.template.yaml" created
Compiled manifest written to ls.manifest.sgx
"ls.manifest.sgx" created
"ls.sig" created
Starting "/bin/ls" in Anjuna Runtime
+ exec Runtime/anjuna-runtime --dev /bin/ls -al
[   25] Anjuna Runtime version release-1.51.0002, Copyright (C) Anjuna Security, Inc. All rights reserved.
[   25] Enclave initialized:
[   25]     Enclave base address:           0x0000000800000000
[   25]     Enclave size:                   2GB
[   25]     Maximum number of threads:      64
[   25]     Enclave attributes:             0x0000000000000006
[   25]     Enclave SSA frame size:         1
[   25]     Enclave MRSIGNER:               c0566a320edb50671e19dc3f05f62d04b6d7d3e25abeda5713df5ebc0258e3ac
[   25]     Enclave MRENCLAVE:              3dc36a2411cf8e5da934ecbd3c207bbbf3c035be9c2f516228a1842e0de6769c
/bin/ls: .profile: Function not implemented
Dev Mode - mapping untrusted library: /anjuna/bin/Runtime/libnss_compat.so.2
Dev Mode - mapping untrusted library: /anjuna/bin/Runtime/libnss_compat.so.2
Dev Mode - mapping untrusted library: /lib/x86_64-linux-gnu/libnss_nis-2.27.so
Dev Mode - mapping untrusted library: /lib/x86_64-linux-gnu/libnss_nis-2.27.so
Dev Mode - mapping untrusted library: /anjuna/bin/Runtime/libnsl.so.1
Dev Mode - mapping untrusted library: /anjuna/bin/Runtime/libnsl.so.1
Dev Mode - mapping untrusted library: /anjuna/bin/Runtime/libnss_files.so.2
Dev Mode - mapping untrusted library: /anjuna/bin/Runtime/libnss_files.so.2
[   25] mmap: runtime does not permit direct file I/O (MAP_SHARED)
[   25] mmap: runtime does not permit direct file I/O (MAP_SHARED)
total 40
drwx------ 1 root root  4096 Nov 25 17:15 .
drwxr-xr-x 1 root root  4096 Nov 25 17:14 ..
-rw-r--r-- 1 root root  3106 Apr  9  2018 .bashrc
-rw-r--r-- 1 root root   148 Aug 17  2015 .profile
lrwxrwxrwx 1 root root    19 Nov 25 17:15 Runtime -> /anjuna/bin/Runtime
-rw------- 1 root root  1006 Nov 25 17:15 ls.manifest.sgx
-rw------- 1 root root  1808 Nov 25 17:15 ls.sig
-rw-r--r-- 1 root root 10887 Nov 25 17:15 ls.manifest.template.yaml